Include the EE set on a workflow template in the resolver hierarchy
SUMMARY
This step comes immediately after checking the actual job/template for
an explicitly set EE.
Note that now, because of how jobs are spawned off of workflow nodes,
the call to .resolve_execution_environment() no longer happens in
.create_unified_job(). The job instance within .create_unified_job()
doesn't yet have access to the node that it will be attached to,
making it impossible to use this information in the resolver if called
there.
related #9560
ISSUE TYPE
Feature Pull Request
Bugfix Pull Request
COMPONENT NAME
API
AWX VERSION
Reviewed-by: Shane McDonald <me@shanemcd.com>
Reviewed-by: Christian Adams <rooftopcellist@gmail.com>
* AWX_ISOLATION_SHOW_PATHS will be shared between containers. Strange
file not found error can crop up when concurrently accessing shared
directories between multiple containers that are bind mounted with big
Z. So make sure we use little z.
Adds resource name and description to launch and schedule prompt wizards
SUMMARY
link #8249
link #7254
Launch with description:
Launch without description:
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
UI
Reviewed-by: Keith Grant <keithjgrant@gmail.com>
Reviewed-by: Kersom <None>
Reviewed-by: Michael Abashian <None>
Reviewed-by: Tiago Góes <tiago.goes2009@gmail.com>
clarify format of date for host_metric
SUMMARY
@amolgautam25 @AlanCoding let me know what you think -- I was taking a second look at the CLI and took me a bit to remember the format it wants is YYYY-MM-DD
Reviewed-by: Alan Rominger <arominge@redhat.com>
Reviewed-by: Amol Gautam <amol_gautam25@yahoo.co.in>
This step comes immediately after checking the actual job/template for
an explicitly set EE.
Note that now, because of how jobs are spawned off of workflow nodes,
the call to .resolve_execution_environment() no longer happens in
.create_unified_job(). The job instance within .create_unified_job()
doesn't yet have access to the node that it will be attached to,
making it impossible to use this information in the resolver if called
there.
Fixes bug where users were unable to click on text next to checkboxes/radios in modals
SUMMARY
link #8852
This should impact lists in modals where the user can select one or more of the rows. They should now be able to click on the text/row in order to select. Examples:
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
UI
Reviewed-by: Kersom <None>
Reviewed-by: Tiago Góes <tiago.goes2009@gmail.com>
Add the ability to disable local authentication
SUMMARY
When an external authentication system is enabled, users would like the ability to disable local authentication for enhanced security.
related #4553
TODO
create a configure-Tower-in-Tower setting, DISABLE_LOCAL_AUTH
expose the setting in the settings UI
be able to query out all local-only users
User.objects.filter(Q(profile__isnull=True) | Q(profile__ldap_dn=''), enterprise_auth__isnull=True, social_auth__isnull=True)
see: awx/main/utils/common.py, get_external_account
write a thin wrapper around the Django model-based auth backend
update the UI tests to include the new setting
be able to trigger a side-effect when this setting changes
revoke all OAuth2 tokens for users that do not have a remote
auth backend associated with them
revoke sessions for local-only users
ultimately I did this by adding a new middleware that checks the value of this new setting and force-logouts any local-only user making a request after it is enabled
settings API endpoint raises a validation error if there are no external users or auth sources configured
The remote user existence validation has been removed, since ultimately we can't know for sure if a sysadmin-level user will still have access to the UI. This is being dealt with by using a confirmation modal, see below.
add a modal asking the user to confirm that they want to turn this setting on
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
API
UI
AWX VERSION
Reviewed-by: Jeff Bradberry <None>
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mat Wilson <mawilson@redhat.com>
Reviewed-by: Michael Abashian <None>
Reviewed-by: Chris Meyers <None>
Converts Options lists and other modal lists to tables
SUMMARY
This addresses #10162. Note this issue I found while working on this #10181
Kicked Off E2E
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
UI
AWX VERSION
ADDITIONAL INFORMATION
Reviewed-by: Jake McDermott <yo@jakemcdermott.me>
Reviewed-by: Keith Grant <keithjgrant@gmail.com>
Reviewed-by: Tiago Góes <tiago.goes2009@gmail.com>
Fixes bug where activity stream changes were displaying as [object object]
SUMMARY
Resolves#10138
Here it is working:
In this case the value passed to the VariablesDetail component is a straight up JSON object (not a stringified JSON object) which that component does not seem to like in its current state.
Rather than looking at changing the VariablesDetail implementation I decided to just stringify the object before it gets passed in. Since this object is generated by the backend I think it's safe to assume it will always be an object.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
UI
Reviewed-by: Kersom <None>
Reviewed-by: Tiago Góes <tiago.goes2009@gmail.com>
Update migration page as per latest name changes
Update migration page as per latest name changes
rename.mov
See: #8355
Reviewed-by: Tiago Góes <tiago.goes2009@gmail.com>
Reviewed-by: Jake McDermott <yo@jakemcdermott.me>
Container groups registry creds
SUMMARY
Fixes#10114
In VM-based installs, the user provides image pull creds to us, then we put them in an authfile and give it to podman via --authfile.
This is not so simple with ContainerGroups because we need to use the k8s API to apply a podspec to create containers in this paradigm.
Currently, the EE pod gets created, but errors when pulling the custom EE in from the private repo:
This work will modify the init() for the AWXReceptorJob class to create a k8s secret in the given namespace, then specify that secret name in the pod-spec as an imagePullSecret
Also, the imagePullPolicy was not being enforced when running JT's in EE's using container groups, this is because the imagePullPolicy nevery got set on the pod spec.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
API
AWX VERSION
devel
ADDITIONAL INFORMATION
Issues that this solves:
Image pull secret now gets created in the cluster namespace specified by the user for that container group.
imagePullSecret name gets set on the pod spec
If the pull secret already exists in the namespace, delete it, then create it. (kube_api.replace_namespaced_secret did not work for this case...)
Enforce imagePullPolicy for EE's in container groups
Basic error handling
Reviewed-by: Alan Rominger <arominge@redhat.com>
Reviewed-by: Christian Adams <rooftopcellist@gmail.com>
Reviewed-by: Jeff Bradberry <None>
Reviewed-by: Shane McDonald <me@shanemcd.com>
Reviewed-by: Chris Meyers <None>
Updates PF
SUMMARY
This is a dependency bump for PF so that I can get an update that fixes a validation bug in pf date picker.
E2E test have been triggered
ISSUE TYPE
dep bump
COMPONENT NAME
UI
AWX VERSION
ADDITIONAL INFORMATION
Reviewed-by: Jake McDermott <yo@jakemcdermott.me>
Reviewed-by: Tiago Góes <tiago.goes2009@gmail.com>
- base64 encode secret values before creating the secret
- Construct valid .dockerconfigjson
- Cancel jobs where it will obviously fail & error handling
- Check if the secret exists first, then attempts to replace it if it does.
tweak message about image pull option
SUMMARY
I'm not sure if it is OK to change the migration in this way.
This message in the UI didn't make sense to me. If you all prefer the existing message, that is fine...I just think it is weird and doesn't tell you what it does.
If I don't care, I can leave it on --------- in the UI which is "do whatever the default is"
If I do care, its weird to choose an option saying I don't choose and option.
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Jeff Bradberry <None>
--- Passing this parameter in receptor_params in AWXReceptorJob class
--- Removed AWX_CONTAINER_GROUP_POD_LAUNCH_RETRIES from defaults.py as it was not being used anywhere
--- Removed AWX_CONTAINER_GROUP_POD_LAUNCH_RETRY_DELAY from defaults.py as it was not being used anywhere
